- + Nokod Security Platform secures low-code/no-code development environments and apps—Nokod Security launched the Nokod Security Platform, enabling organizations to protect against security threats, vulnerabilities, compliance issues, a...
- + Lenovo launches AI-based Cyber Resiliency as a Service—Lenovo has launched its new AI-based Cyber Resiliency as a Service (CRaaS) leveraging Lenovo device telemetry and the Microsoft security software port...
- + Edgio ASM reduces risk from web application vulnerabilities—Edgio launched its Attack Surface Management (ASM) solution. ASM is designed to discover all web assets, provide full inventory of technologies, detec...
- + Gurucul REVEAL empowers organizations with full control over data—Gurucul announced REVEAL, a unified security analytics platform. REVEAL delivers Threat Detection, Investigation and Response (TDIR) regardless of dat...
- + Orum No Code Verify helps businesses validate bank accounts—Orum launched No Code Verify, which helps businesses and institutions determine whether a bank account is open and valid before initiating payments — ...
- + Ransom recovery costs reach $2.73 million—Average ransom payment has increased 500% in the last year, according to Sophos. Organizations that paid the ransom reported an average payment of $2 ...
- + Most companies changed their cybersecurity strategy in the past year—Businesses worldwide have faced a rate of change in the threat environment evidenced by 95% of companies reporting cybersecurity strategy adjustments ...
- + What is cybersecurity mesh architecture (CSMA)?—Cybersecurity mesh architecture (CSMA) is a set of organizing principles used to create an effective security framework. Using a CSMA approach means d...
- + 97% of security leaders have increased SaaS security budgets—58% of the organizations were affected by a SaaS security incident in the last 18 months, according to Valence Security’s 2024 State of SaaS Security ...
- + New infosec products of the week: May 3, 2024—Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Cybersixgill, Proofpoint, Secure Code Warrior, Sny...
- + 1Password Extended Access Management secures unmanaged applications and devices—1Password launched 1Password Extended Access Management, a new solution that enables businesses to secure every sign-in to every application from ever...
- + New SOHO router malware aims for cloud accounts, internal company resources—Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credenti...
- + Trend Micro expands AI-powered cybersecurity platform—Trend Micro launched significant additional AI-powered functionality in its platform to secure organizational use of AI and better manage the risks as...
- + HITRUST updates Cyber Threat Adaptive engine to address emerging cyber threats—HITRUST announced a comprehensive update to its Cyber Threat Adaptive engine to enable increased accuracy and timeliness of HITRUST CSF updates to add...
- + Secure Code Warrior SCW Trust Score quantifies the security posture of developer teams—Secure Code Warrior unveiled SCW Trust Score, a benchmark that quantifies the security posture of organizations’ developer teams. SCW Trust Score prov...
- + Proofpoint DLP Transform secures data moving to ChatGPT, copilots, and other GenAI tools—Proofpoint announced Data Loss Prevention (DLP) Transform, including GenAI use cases. Today, businesses struggle with the limitations of legacy DLP so...
- + Appdome launches MobileEDR, merging MTD and EDR to protect enterprise mobile apps—Appdome has released Appdome MobileEDR, a new enterprise mobile app protection service that consolidates Mobile Threat Defense (MTD) and Endpoint Dete...
- + Confluent enhances Apache Flink with new features for easier AI and broader stream processing—Confluent has unveiled AI Model Inference, an upcoming feature on Confluent Cloud for Apache Flink, to enable teams to easily incorporate machine lear...
- + Nord Security unveils NordStellar, a platform for advanced cyber threat detection and response—Nord Security introduces NordStellar, a next-generation threat exposure management platform. Created by developers of VPN solution NordVPN, the enterp...
- + CalypsoAI introduces customizable generative AI security scanners for enterprises—CalypsoAI introduced two AI security solutions to the CalypsoAI SaaS platform: next gen security scanners and enhanced security functionalities for ch...
- + Illumio and Wiz’s integration enhances cyber resilience in the cloud—Illumio has partnered with Wiz and joins Wiz Integrations (WIN) Platform. Illumio enhances WIN by bringing the power of Illumio’s Zero Trust Segmentat...
- + Veracode platform enhancements help organizations reduce application risk—Veracode announced platform innovations that set a new standard for developer-powered application security. New repo risk visibility and analysis from...
- + Dropbox says attackers accessed customer and MFA info, API keys—File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and aut...
- + Skyhawk Security unveils cloud-native CTEM, streamlining security with AI-powered automation—Skyhawk Security has unveiled its cloud native Continuous Threat Exposure Management (CTEM) solution. The agentless approach empowers organizations to...
- + Deep Instinct DIANNA provides malware analysis for unknown threats—Deep Instinct announced the launch of Deep Instinct’s Artificial Neural Network Assistant (DIANNA), an AI-based cybersecurity companion that provides ...
- + Venafi launches 90-Day TLS Readiness Solution—Venafi launched its new 90-Day TLS Readiness Solution to help organizations comply with Google’s proposed 90-day TLS certificate standard, impro...
- + Snyk AppRisk Pro leverages AI and third-party integrations for faster risk mitigation—Snyk has released Snyk AppRisk Pro, pairing artificial intelligence (AI) with application context from third-party integrations to help application se...
- + Bitwarden Authenticator protects online services and applications—Bitwarden launched a standalone app for two-factor authentication (2FA) to protect online services and applications from unauthorized access. Bitwarde...
- + Virsec releases security tools to offer ransomware protection—Virsec released TrustSight and TrustGuardian, its newest security tools in the fight against an ever-expanding threat environment – one where ED...
- + 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element—The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches, according ...
- + Securing your organization’s supply chain: Reducing the risks of third parties—When Stephen Hawking said that “we are all now connected by the internet, like neurons in a giant brain”, very few people understood the gravity of hi...
- + Understanding emerging AI and data privacy regulations—In this Help Net Security interview, Sophie Stalla-Bourdillon, Senior Privacy Counsel & Legal Engineer at Immuta, discusses the AI Act, the Data A...
- + reNgine: Open-source automated reconnaissance framework for web applications—reNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process....
- + Women rising in cybersecurity roles, but roadblocks remain—The ISC2 study on women in cybersecurity, a comprehensive research effort that collected responses from 2,400 women, has revealed several significant ...
- + AI-driven phishing attacks deceive even the most aware users—Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics, according to Zscaler. AI auto...
- + A closer look at Apiiro’s SHINE partner program—In this Help Net Security video, Adam LaGreca, Founder of 10KMedia, sat down with John Leon, VP of Partnerships at Apiiro, discusses the company’...
- + Why cloud vulnerabilities need CVEs—When considering vulnerability management’s purpose in a modern world, it’s imperative to recognize the huge transition to new technologies and ...
- + Making cybersecurity more appealing to women, closing the skills gap—In this Help Net Security interview, Charly Davis, CCO at Sapphire, provides insights into the current challenges and barriers women face in the cyber...
- + Cybersecurity jobs available right now: May 1, 2024—Adversary Simulation Specialist LyondellBasell | Poland | On-site – View job details The Adversary Simulation Specialist will be respo...
- + Building a strong cloud security posture—In this Help Net Security video, David Kellerman, Field CTO at Cymulate, discusses how cloud security still seems to lag even as the cloud grows in po...
- + Essential steps for zero-trust strategy implementation—63% of organizations worldwide have fully or partially implemented a zero-trust strategy, according to Gartner. For 78% of organizations implementing ...
- + Infosec products of the month: April 2024—Here’s a look at the most interesting products from the past month, featuring releases from: Akamai, Bitdefender, CyberInt, Fastly, Forcepoint, IDnow,...
- + Adaptive Shield unveils SaaS security for AI—Adaptive Shield announced SaaS Security Posture Management (SSPM) detection and response capabilities for AI-driven applications to enable enterprises...
- + Onyxia launches AI-powered predictive insights to optimize security management—Onyxia Cyber unveiled OnyxAI to deliver insights that enable security leaders to proactively optimize security performance, resource allocation, and r...
- + Island raises $175 million at $3 billion valuation—Island announced its $175 million Series D financing. The new funding round brings Island’s valuation to $3 billion, doubling the last valuation from ...
- + Synopsys Polaris Assist automates repetitive, time-consuming tasks for security and development teams—Synopsys introduced Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform. Polaris Assist c...
- + FCC fines major wireless carriers over illegal location data sharing—The Federal Communications Commission (FCC) fined the nation’s largest wireless carriers for illegally sharing access to customers’ location informati...
- + Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades—There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited...
- + Cybersixgill Third-Party Intelligence module identifies potential supply chain risks—Cybersixgill, the global cyber threat intelligence data provider, broke new ground by introducing its Third-Party Intelligence module. The new module ...
- + ESET launches two MDR subscription tiers for SMBs and enterprises—ESET launched two new Managed Detection and Response (MDR) subscription tiers: ESET PROTECT MDR for small and medium businesses (SMBs) and ESET PROTEC...
- + ThreatX provides always-active API security from development to runtime—ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spa...
- + CyberQP unveils solutions to help MSPs proactively prevent security incidents—CyberQP announced QGuard Pro, a solution with enhanced capabilities designed to exponentially increase technician efficiency, and a new API for Deploy...
- + UK enacts IoT cybersecurity law—The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT produc...
- + Silobreaker empowers users with timely insight into key cybersecurity incident filings—Silobreaker announced the addition of automatic collection, AI-enhanced analysis, and alerting on 8-K cybersecurity incident filings made to the US Se...
- + Okta warns customers about credential stuffing onslaught—Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originatin...
- + Researchers unveil novel attack methods targeting Intel’s conditional branch predictor—Researchers have found two novel types of attacks that target the conditional branch predictor found in high-end Intel processors, which could be expl...
- + DHS establishes AI Safety and Security Board to protect critical infrastructure—The Department of Homeland Security announced the establishment of the Artificial Intelligence Safety and Security Board (the Board). The Board will a...
- + Prompt Fuzzer: Open-source tool for strengthening GenAI apps—Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application’s system prompt against dynamic LLM-based threats. Pr...
- + How insider threats can cause serious security breaches—Insider threats are a prominent issue and can lead to serious security breaches. Just because someone is a colleague or employee does not grant inhere...
- + AI is creating a new generation of cyberattacks—Most businesses see offensive AI fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven atta...
- + Closing the cybersecurity skills gap with upskilling programs—The list of skills technologists and organizations need to succeed grows with each new tech advancement, according to Pluralsight. But for many organi...
- + Anticipating and addressing cybersecurity challenges—In this Help Net Security round-up, we present excerpts from previously recorded videos in which security experts talk about how increased adoption of...
- + Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024—Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-da...
- + Most people still rely on memory or pen and paper for password management—Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey...
- + LSA Whisperer: Open-source tools for interacting with authentication packages—LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. Support is cur...
- + What AI can tell organizations about their M&A risk—Following the past few years of economic turbulence, merger and acquisition (M&A) activity is on the rise in 2024, with several acquisition deals ...
- + Breaking down the numbers: Cybersecurity funding activity recap—Here’s a list of interesting cybersecurity companies that received funding so far in 2024. Aim Security January | $10 million Aim Security ...
- + New infosec products of the week: April 26, 2024—Here’s a look at the most interesting products from the past week, featuring releases from Cyberint, Forcepoint, Invicti Security, Netwrix, Trend Micr...
- + Net neutrality has been restored—The Federal Communications Commission (FCC) today voted to restore a national standard to ensure the internet is fast, open, and fair. Today’s decisio...
- + Stellar Cyber and Acronis team up to provide optimized threat detection solutions for MSPs—Stellar Cyber has revealed a new partnership with Acronis, to deliver an optimized threat detection and response solution enabling MSPs to protect on-...
- + Edgio Client-Side Protection enables organizations to secure critical customer data—Edgio released its Client-Side Protection solution. Designed to monitor scripts and APIs on the browser-side to prevent malicious code from exfiltrati...
- + IBM to buy HashiCorp in $6.4 billion cash deal, expanding cloud portfolio—IBM and HashiCorp have entered into a definitive agreement under which IBM will acquire HashiCorp for $35 per share in cash, representing an enterpris...
- + Dropzone AI raises $16.85 million to combat advanced AI attacks—Dropzone AI has raised $16.85 million in Series A funding. Theory Ventures led the round, adding to their cohort of existing investors Decibel Partner...
- + WhyLabs AI Control Center offers teams real-time control over their AI applications—WhyLabs launched a new type of AI operations platform: the AI Control Center. The new platform, which offers teams real-time control over their AI app...
- + ESET integrates with Arctic Wolf to provide greater security visibility—ESET has unveiled a new integration with Arctic Wolf, to ensure increased visibility and protection against modern threats. By integrating ESET Inspec...
- + Sublime Security secures $20 million to strengthen cloud email security and visibility—Sublime Security has raised $20 million in Series A funding, led by Index Ventures with participation from previous investors Decibel Partners and Slo...
- + 56% of cyber insurance claims originate in the email inbox—56% of all 2023 claims were a result of funds transfer fraud (FTF) or business email compromise (BEC), highlighting the importance of email security a...
- + Anatomy IT’s new Security Suite targets healthcare cybersecurity threats, improves incident response—Anatomy IT has announced the launch of an expanded end-to-end cybersecurity product suite designed to safeguard healthcare delivery organizations from...
- + Fireblocks expands DeFi suite with threat detection features—Fireblocks introduced new security features to its DeFi suite: dApp Protection and Transaction Simulation. As the DeFi sector experiences unprecedente...
- + Nagomi Security raises $30 million to help security teams improve their level of protection—Nagomi Security emerged from stealth with $30 million in funding to fundamentally redefine how security teams optimize effectiveness and drive efficie...
- + BforeAI raises $15 million to prevent attacks before they occur—BforeAI has secured $15 million in Series A funding led by SYN Ventures, with renewed participation from early investors Karma Ventures, Karista, Adde...
- + Applying DevSecOps principles to machine learning workloads—Protecting data and other enterprise assets is an increasingly challenging task, and one that touches nearly every corner of an organization. As the c...
- + Overcoming GenAI challenges in healthcare cybersecurity—In this Help Net Security interview, Assaf Mischari, Managing Partner, Team8 Health, discusses the risks associated with GenAI healthcare innovations ...
- + 25 cybersecurity AI stats you should know—In this article, you will find excerpts from reports we recently covered, which offer stats and insights into the challenges and cybersecurity issues ...
- + 73% of SME security pros missed or ignored critical alerts—Small and medium-sized enterprises (SMEs) IT staff is overwhelmed by the complexity and demands of managing multiple tools in their security stack, le...
- + Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)—A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use...
- + 1Kosmos CSP enables government agencies to digitally verify resident identity—1Kosmos has expanded its offerings for the identity verification and passwordless market with the introduction of a new Credential Service Provider (C...
- + Cyberint platform enhancements boost protection against external threats—Cyberint has unveiled a series of platform updates aimed at bolstering client protection against external threats. Cyberint’s recent platform in...
- + Zero Networks unveils identity segmentation solution to prevent credential theft—Zero Networks announced the addition of identity segmentation capabilities within the Zero Networks platform. As stolen credentials remain a top threa...
- + PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)—More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software...
- + Global attacker median dwell time continues to fall—While the use of zero-day exploits is on the rise, Mandiant’s M-Trends 2024 report reveals a significant improvement in global cybersecurity pos...
- + Comcast Business MDR limits the impact of cyber threats—Comcast Business has expanded its cybersecurity portfolio with the launch of its Comcast Business Managed Detection and Response (MDR) solution. The s...
- + New Relic AI monitoring helps enterprises use AI with confidence—New Relic announced New Relic AI monitoring with a suite of new features to meet the evolving needs of organizations developing AI applications. New f...
- + Secureworks enables users to view known vulnerabilities in the context of threat data—Secureworks announced the ability to integrate vulnerability risk context with threat detection to prevent attackers from exploiting known vulnerabili...
- + GISEC Global 2024 video walkthrough—In this Help Net Security video, we take you inside GISEC Global, which is taking place from April 23 to April 25, 2024, at the Dubai World Trade Cent...
- + GenAI can enhance security awareness training—One of the biggest concerns over generative AI is its ability to manipulate us, which makes it ideal for orchestrating social engineering attacks. Fro...
- + AI set to play key role in future phishing attacks—A staggering increase in QR code phishing (quishing) attacks during 2023 saw them skyrocket up the list of concerns for cyber teams globally, accordin...
- + Cybersecurity jobs available right now: April 24, 2024—Blockchain Security Researcher StarkWare | Israel | On-site – View job details The Security Researcher will be responsible for conduct...
- + The relationship between cybersecurity and work tech innovation—As organizations navigate the complexities of hybrid work arrangements and the gradual return to the office, the cybersecurity threat landscape has be...
- + eBook: Cloud security skills—Demonstrating a sound understanding of cloud security key principles and practices opens various professional opportunities. But first, you need the r...
- + Invicti Predictive Risk Scoring identifies highest-risk applications—Invicti announced its new AI-enabled Predictive Risk Scoring capability. The feature assigns predicted risk to applications and helps organizations ga...
- + Forcepoint DSPM safeguards sensitive information by examining data context and content—Forcepoint has launched Forcepoint Data Security Posture Management (DSPM), driven by AI to deliver real-time visibility, ease privacy compliance and ...
- + Entrust protects users against fraud, phishing and other account takeover attacks—Entrust announced a single-vendor enhanced authentication solution that integrates identity verification (IDV) and identity and access management (IAM...
- + Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)—For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulne...
- + Netwrix 1Secure enhancements accelerate threat detection—Netwrix released a new version of its IT auditing software-as-a-service (SaaS) solution, Netwrix 1Secure. It enables prompt detection of suspicious ac...
- + Veritas enhances cyber resilience with AI-powered solutions—Veritas Technologies announced artificial intelligence (AI)-powered advancements in Veritas 360 Defense. With the self-defending data protection solut...
- + Stellar Cyber launches MITRE ATT&CK Coverage Analyzer—Stellar Cyber launched the MITRE ATT&CK Coverage Analyzer, enabling users to visualize the impact of data source changes on their ability to detec...
- + Veeam acquires Coveware to boost its ransomware protection capabilities—Veeam Software announced the acquisition of Coveware, a provider in cyber-extortion incident response. It brings ransomware recovery and first respond...
- + CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)—A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crow...
- + Trellix Email Security for Microsoft Office 365 improves email defense—Trellix announced Trellix Email Security for Microsoft Office 365. Combining threat detection, threat intelligence, and security expertise, Trellix of...
- + Align introduces ransomware prevention feature, powered by Adlumin—Align announces the inclusion of a new ransomware prevention feature to enhance its Align Guardian Managed Detection and Response offering powered by ...
- + The rising influence of AI on the 2024 US election—We stand at a crossroads for election misinformation: on one side our election apparatus has reached a higher level of security and is better defended...
- + 10 colleges and universities shaping the future of cybersecurity education—Institutions featured on this list often provide undergraduate and graduate degrees, courses, as well as certificate programs tailored to meet the gro...
- + People doubt their own ability to spot AI-generated deepfakes—23% of Americans said they recently came across a political deepfake they later discovered to be fake, according to McAfee. The actual number of peopl...
- + What is multi-factor authentication (MFA), and why is it important?—Setting up MFA can seem daunting for consumers just beginning to clean up their security postures. In this Help Net Security video, Larry Kinkaid, Man...
- + Behavioral patterns of ransomware groups are changing—Q1 saw substantial shifts in activity from some of the most prolific Ransomware-as-a-Service (RaaS) groups, according to GuidePoint Security. RaaS gro...
- + apexanalytix Passkeys protects data with biometric authentication—apexanalytix launched Passkeys, a feature that enables suppliers to securely log into their accounts using biometrics like a fingerprint or face scan,...
- + Binary Defense enhances BDVision to improve security for SMBs—Binary Defense announced several important updates to BDVision, the company’s real-time detection and containment Managed Endpoint Detection & Res...
- + Trend Micro launches AI-driven cyber risk management capabilities—Trend Micro unveiled AI-driven cyber risk management capabilities across its entire flagship platform, Trend Vision One. This seamlessly integrates mo...
- + MITRE breached by nation-state threat actor via Ivanti zero-days—MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. T...
- + The first steps of establishing your cloud security strategy—In this article, we’ll identify some first steps you can take to establish your cloud security strategy. We’ll do so by discussing the cloud security ...
- + How to optimize your bug bounty programs—In this Help Net Security interview, Roy Davis, Manager – Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty progr...
- + Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity—Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioner...
- + Fuxnet malware: Growing threat to industrial sensors—In this Help Net Security video, Sonu Shankar, Chief Strategy Officer at Phosphorus, discusses how Blackjack’s Fuxnet malware should be a wakeup call ...
- + Uncertainty is the most common driver of noncompliance—Most compliance leaders tend to focus on building an ethical culture in their organizations to improve employee behavior, but it has a limited impact ...
- + How to improve response to emerging cybersecurity threats—Cyber resilience is a top priority for global organizations, and understanding threats plays a crucial role in building and maintaining a layered secu...
- + Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack—Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: Public exploits, rising attacks...
- + Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!—More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims t...
- + LastPass users targeted by vishing attackers—The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “In...
- + Protobom: Open-source software supply chain tool—Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communi...
- + The key pillars of domain security—From branded emails and marketing campaigns to critical protocols, internal portals, and internet traffic, domains are central to digital enterprise o...
- + 51% of enterprises experienced a breach despite large security stacks—Threat actors are continuing to successfully breach across the entire attack surface and the stakes are only getting higher: 93% of enterprises who ad...
- + New infosec products of the week: April 19, 2024—Here’s a look at the most interesting products from the past week, featuring releases from IDnow, Immuta, Privacera, Redgate, ShadowDragon, and Tanium...
- + Gurucul federated search provides insights into data that is not centralized—Gurucul announced enhancements to its federated search capabilities. Gurucul federated search empowers users to run queries from a single console acro...
- + AuditBoard expands executive team to support the next phase of growth—AuditBoard announced it has brought on public SaaS company veteran Jeff Harper as Chief Human Resources Officer (CHRO) to help scale the organization ...
- + Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)—The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vul...
- + Immuta launches Domains policy enforcement to improve security and governance for data owners—Immuta launched Domains policy enforcement, a new capability in the Immuta Data Security Platform that provides additional controls for data owners to...
- + Redgate Monitor Enterprise prevents unauthorized access to sensitive information—Redgate has launched an enterprise version of its popular database monitoring tool, providing a range of new features to address the challenges of sca...
- + SAS unveils products and services to help customers embrace AI—SAS is launching new AI products and services to improve AI governance and support model trust and transparency. Model cards and new AI Governance Adv...
- + Armis acquires Silk Security for $150 million—Armis has acquired Silk Security for a total of $15 million and will integrate the Silk Platform into the Armis Centrix AI-based Vulnerability Priorit...
- + Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation—While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices...
- + Thinking outside the code: How the hacker mindset drives innovation—Keren Elazari is an internationally recognized security analyst, author, and researcher. Since 2000, Keren has worked with leading Israeli security fi...
- + Cybersecurity jobs available right now: April 17, 2024—Client Security Officer Unisys | USA | Remote – View job details The Client Security Officer (CSO) is part of Unisys account managemen...
- + Damn Vulnerable RESTaurant: Open-source API service designed for learning—Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code throug...
- + Understanding next-level cyber threats—In this Help Net Security video, Trevor Hilligoss, VP of SpyCloud Labs, discusses the 2024 SpyCloud Identity Exposure Report, an annual report examini...
- + IT and security professionals demand more workplace flexibility—The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a...
- + PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)—A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “...
- + Cisco Duo provider breached, SMS MFA logs compromised—Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-facto...
- + Vercara UltraEdge offers protection against internet-based threats—Vercara launched UltraEdge, a comprehensive edge platform that includes an innovative Content Delivery Network (CDN), integrated application security,...
- + Tanium Automate reduces manual processes for repeatable tasks—Alongside Tanium Guardian and its partnership with Microsoft Copilot for Security, Tanium Automate serves as another critical component in support of ...
- + New open-source project takeover attacks spotted, stymied—The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the ...
- + GuidePoint Security introduces IoT Security Assessment—GuidePoint Security announced its IoT Security Assessment, a new cybersecurity service. GuidePoint Security’s team of IoT security and embedded system...
- + Sectigo SCM Pro automates certificate management—Sectigo launched SCM Pro, a solution to bring the robustness of enterprise CLM to Small and midsize enterprises (SMEs), effectively leveling the playi...
- + IDnow VideoIdent Flex blends AI technology with human interaction—IDnow has unveiled VideoIdent Flex, a new version of its expert-led video verification service that blends advanced AI technology with human interacti...
- + 5 free red teaming resources to get you started—Red teaming is evaluating the effectiveness of your cybersecurity by eliminating defender bias and adopting an adversarial perspective within your org...
- + AI set to enhance cybersecurity roles, not replace them—In this Help Net Security interview, Caleb Sima, Chair of CSA AI Security Alliance, discusses how AI empowers security pros, emphasizing its role in e...
- + Audio deepfakes: What they are, and the risks they present—Audio deepfakes are becoming a big problem. Recent cybercriminal campaigns use voice cloning technology to replicate the speech tone and patterns of c...
- + 31% of women in tech consider switching roles over the next year—31% of women in tech are considering leaving their organization over the next 12 months due foremost to poor management, followed by a lack of trainin...
- + Privacera adds access control and data filtering functionality for Vector DB/RAG—Privacera announced the addition of new access control and fine-grained data filtering functionality for Vector DB/RAG to Privacera AI Governance (PAI...
- + A critical vulnerability in Delinea Secret Server allows auth bypass, admin access—Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allo...
- + eBook: Why CISSP?—As new cyber threats emerge daily in our connected world, there’s never been a greater urgency for cybersecurity professionals than now. What can CISS...
- + ShadowDragon Horizon enhancements help users conduct investigations from any device—ShadowDragon announced significant enhancements to its Open-Source Intelligence Investigative platform Horizon. These updates represent a milestone in...
- + How to protect IP surveillance cameras from Wi-Fi jamming—Gone are the days of criminals cutting camera wires to evade detection: with the proliferation of affordable internet-connected cameras, burglars must...
- + Geopolitical tensions escalate OT cyber attacks—In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology (OT) cyber attac...
- + Exposing the top cloud security threats—Many companies consider AI-powered threats to be the top cloud security threat to their business. Concerningly, less than half are confident in their ...
As of 5/3/24 7:05am. Last new 5/3/24 7:05am. Score: 244
- Next feed in category: Homeland Security News Wire